Hello Dale,
sorry for the late reply.
Le 2015-10-21 17:14, Dale Whiteaker-Lewis a écrit :
Here is the process:
* Employee has a company-issued laptop
* Employee has a personal phone with WiFi.
* We have a WPA2 Enterprise SSID using 802.1x/EAP-PEAP-MSCHAPv2 for
authentication, with
Hello Dale,
i am not sure to understand the workflow you want to achieve.
What i think you can do is the following:
On the secure SSID you must have a way to detect that the device who is
trying to connect is a corporate device.
Per example for windows device you must do machine auth and after
Here is the process:
- Employee has a company-issued laptop
- Employee has a personal phone with WiFi.
- We have a WPA2 Enterprise SSID using 802.1x/EAP-PEAP-MSCHAPv2 for
authentication, with PF as the RADIUS server.
- We want to allow employee VLAN access for the laptop after
Hello Dale,
You probably have to create a vlan filter (vlan_filters.conf) for that, like if
the device try to connect on the Secure SSID but it's a mobile then refuse the
connection (or force guest role).
Something like:
[SECURESSID]
filter = ssid
operator = is
value = SECURE
[mobile]
filter
Thank you so much for the feedback, Fabrice.
So, that would redirect the mobile device user that authenticated to
the secure SSID to the guest role/VLAN. But, I dont' think that would
accommodate registration first, would it?
Can I auto-register from vlan_filters.conf, based on the 802.1x
I'm using PacketFence 5.4.0, and here is the scenario:
- I have separate wireless SSIDs for guests and employees. The guest
SSID is open (using MAC Authentication for registration with PF), and the
employee SSID is WPA2 Enterprise (with 802.1x auth).
- I have "guest," "employee," and
